I am a big fan of privacytools. Here, I wanna share my understanding of how 3rd-party trackers compromise our privacy – who gets what, and how they hurt us.
I am talking about the legitimate ones, such as Google Analytics, Clicky, ShareThis, Facebook SDK, etc. Actually, I have tried a couple of trackers on a static blog to get the traffic statistics.
Everybody including me hates trackers. I am not going to claim that they are good. This is by no mean my conclusion. I am open to your feedback.
Who Gets What
There are three different roles in the game of traffic analysis: 1) the website owner, 2) the vendor of the tracker, 3) the website visitors.
A. Website owner
The website owner gets the traffic statistics: unique visitors, hits, shares on social media, per page and/or the whole site, maybe some statistics of when and where the visitors come from.
The website owner DO NOT get the exact IP addresses and detailed fingerprinting of the visitors from a legit 3rd-party tracker. If the website owner owns the server, she may get those information directly from the logs, but that is not about the tracker.
B. Tracker Vendor
The vendor of the tracker gets all the detailed information of the visitors. The pages they visited, their IP addresses, browser fingerprints, even the trace of visitor’s attentions on certain page.
What’s worse, the tracker vendor gets above information of a visitor from not only one website, but all the websites using its tracker and visited by that user.
Based on these visiting trace of a user collected by the vendor of the tracker, some data mining would be applied to profile this user: what she likes, where she lives, her lifestyle, what she needs, her political preferences, etc.
The real danger of 3rd party tracker is the invasive data mining power enabled by these tracing data.
C. The visitor(s)
The visitors may get some convenience, e.g. ShareThis, along side the information and service from the website owner(s). The price they paid are their personal information and preferences. By giving those privacy to the tracker vendors, visitors are more vulnerable to manipulation.
3rd-party tracker is bad, but it is still miles away from hacking or identity theft. The website owner can not pinpoint the visitors through a legit 3rd-party tracker. Using 3rd-party tracker is totally different from fishing.
The real big threat comes from the data mining of a powerful vendor of the 3rd-party tracker, such as Google. They profit from those data by delivering ads based on user profile.
As long as we visit website via Tor, giving the website fake browser fingerprinting, we are free from 3rd-party trackers. Because the threat of data mining has gone. If you are already on Tor (Browser), trackers do not get your privacy.
If we just do regular web surfing via direct connection, uBlockOrigin or similar tool is essential. Because it prevent tracker to collect the tracing of our surfing.